1. The Field of the Invention
The present invention generally relates to electronic messaging systems. More specifically, the present invention provides for ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages.
2. Background and Related Art
Electronic message communications among users of various computer systems have been known for many years. Many companies have developed internal electronic messaging systems that allow email communications between various computers connected to corporate Local Area Networks (LANs) and/or other networks. Moreover, companies have reengineered the processes and procedures to take maximum advantage of email communications in order to provide a convenient mechanism for exchanging information and documents; thus reducing the handling of paperwork and speeding the flow of information between and among many employees of various departments. Traditionally, however, large-scaled networks connecting various divisions over vast distance were extremely expensive. In addition, the large-scaled networks which did exist generally used proprietary protocols, which were difficult to interconnect with other networks.
With the growth and development of the Internet, however, this situation dramatically changed. Today, a company may install a corporate LAN at sites separated by large geographical distances and “backbone” communications between sites over the Internet. In many ways, the Internet has become a standard with which any viable network must interact.
The ease in wide spread distribution of messages over the Internet, however, has created growing concerns for many businesses over ensuring that confidential and other sensitive subject matter is only viewed by those with the specific rights to do so. Due to these concerns, encryption techniques have been created that use synchronous or asynchronous keys for securing communications. More recently, the use of the encryption process has been extended to Information Rights Management (IRM), which expresses policies about how content can be used. Information Rights Management provides software that protects ownership of electronic content or messages by restricting what actions an authorized recipient may take in regard to that content. A few of the primary functions of IRM are first to control licensing authorization so that content is unlocked by only authorized intermediate or end-users that have secured a license, and second to control content usage according to the conditions of the license imposed by the author. Another function of IRM is to identify the origin of unauthorized copies of content to further combat piracy.
Originally, the idea of rights management was used to protect against the on-line piracy of commercially marketed materials such as digital periodicals, books, photographs, educational material, video, music, etc. The use of rights management, however, has become increasingly popular in the business setting to protect proprietary or confidential information within a business network. For example, a CEO of a large corporation may wish to distribute an email that includes trade-secrets. Because of the confidential nature of this information, however, the CEO may wish to limit the actions recipients may take in regards to this content. For example, the CEO may wish to allow upper-level management to read, copy, print, and save the confidential information; however, she may wish to limit other employees to no access at all or to read-only access with no forwarding capabilities. Accordingly, through the use of IRM the CEO can specify who's authorized to view the protected content and what actions they may take in regards thereto.
The above paragraph illustrates just one of many examples of the importance of controlling the distribution of messages with sensitive subject matter in a business network environment. Although rights management is becoming a popular tool in business settings, there currently exist several draw backs and deficiencies in this system. For example, typically the recipient of protected content is required to obtain a user license from an IRM server in order to open and use the protect content. Enforcement of the rights within the user license currently relies on the participation of all client applications that interact with the content and relies on application to application trust. In certain instances, however, such reliance or trust is either lacking or can be circumvented.
For example, a recipient may be restricted to read only access with no forwarding capabilities. Without the full participation of all clients that interact with the content, and/or application to application trust, a user may be able to cut and paste the protected content from one application to another. Even if, however, there is a full participation and trust between all client applications, the user may still be able to circumvent the rights management process. For instance, a user may simply print the screen and either retype or scan the information into a form that can be easily transferred in email messages and forwarded inappropriately against the rights management policy expressions. Accordingly, there exists a need to ensure that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred against the rights policies.